Stemming the Flood

Software: New devices could protect Web sites from a common threat.

Since January of 2000, computer saboteurs have knocked out some of the biggest sites on the Web (like eBay, and Microsoft’s Hotmail and Expedia) by flooding them with bogus Internet traffic. Unlike most computer sabotage, swamping a server requires no breach of security and little computer expertise. The inundating traffic is otherwise innocuous; there’s just too much of it, coming too fast. And programs for launching these “denial-of-service” attacks (so called because the bogus traffic denies legitimate users access to the server) can easily be found online.

But new hardware from several U.S. startups could help sites identify attacks before their servers go under. The leading approach is to monitor a Web site’s traffic, determine its typical ranges of activity and then flag suspicious fluctuations. “One thing about these attacks,” says Rob Malan, chief technology officer and cofounder of one of the startups, Waltham, MA-based Arbor Networks, “is that they are not subtle.” Indeed, they even look much different from the sudden surges of traffic that might accompany, say, an ad for your Web site that runs during the Super Bowl; in a denial-of-service attack, a few computers might download the same data thousands of times, for example. Once identified, bad traffic can be filtered out of the data stream.

When a packet of data travels over the Internet, it passes through a series of routers. Each router looks at the packet, reads its addressing and identification information, and speeds it on its way. Most high-end routers keep statistics on the traffic they see, so both Arbor and Seattle-based Asta Networks sell boxes that plug into routers, analyze their traffic statistics and alert network operators to any anomalies. The Arbor box, which reached the market in May, sends suggested criteria for filtering bad data along with the alert; Asta’s device, released in June, instead sends an exhaustive profile of the suspect traffic.
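The baseline-and-flag approach described above, as an added Python example that is not from the article or from any vendor's product: it learns a site's typical request volume, flags an interval outside that range, and separates a broad surge from a flood in which a few sources repeat the same download thousands of times. The function names, the thresholds and all sample traffic are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

def make_interval(clients, reqs_each, net=0):
    """Constructed sample data: one interval of (src_ip, url) request records."""
    return [(f"10.{net}.{i // 250}.{i % 250 + 1}", "/index.html")
            for i in range(clients) for _ in range(reqs_each)]

def build_baseline(history):
    """Learn the typical range of activity from past intervals."""
    totals = [len(iv) for iv in history]
    busiest = [max(Counter(src for src, _ in iv).values()) for iv in history]
    return {"mean": mean(totals), "std": pstdev(totals), "max_per_src": max(busiest)}

def classify(interval, baseline, k=3.0, src_factor=10, min_share=0.5):
    """Flag a fluctuation, then separate a broad surge from a few heavy sources.

    k, src_factor and min_share are illustrative thresholds (assumptions).
    """
    total = len(interval)
    if total <= baseline["mean"] + k * baseline["std"]:
        return {"verdict": "normal", "filter": []}
    by_src = Counter(src for src, _ in interval)
    limit = baseline["max_per_src"] * src_factor
    heavy = sorted(src for src, n in by_src.items() if n > limit)
    share = sum(by_src[src] for src in heavy) / total
    if heavy and share >= min_share:
        # Few sources account for most of the traffic: suggest them as filter criteria.
        return {"verdict": "suspected-dos", "filter": heavy}
    # Many sources, each behaving like a normal client: a legitimate surge.
    return {"verdict": "surge", "filter": []}

# Constructed sample traffic (not real measurements).
HISTORY = [make_interval(n, 2) for n in (95, 100, 105, 98, 102, 100)]
BASELINE = build_baseline(HISTORY)
FLASH_CROWD = make_interval(5000, 2, net=1)
FLOODERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
ATTACK = make_interval(100, 2) + [(ip, "/index.html") for ip in FLOODERS for _ in range(3000)]

if __name__ == "__main__":
    for name, iv in (("flash crowd", FLASH_CROWD), ("attack", ATTACK)):
        print(name, classify(iv, BASELINE))
```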

This story is part of our September 2001 Issue

Mazu Networks of Cambridge, MA, offers a variation on the theme: a device that taps directly into the data stream to observe the traffic whizzing by. The Mazu box isn’t tied to any particular router technology and can, if necessary, investigate a packet’s cargo, which routers don’t examine. But unlike Arbor and Asta, it can’t yet handle the top speeds of the fastest Internet connections available; and it requires a second device to filter bad packets. The Mazu system completed beta testing in April and was formally launched in June.

Captus Networks of Woodland, CA, takes a different approach. The Captus device allows network operators to set a rate limit on incoming traffic. When the limit is exceeded, the device sends standard Internet Protocol requests to all the computers connected to it, asking that they slow their transmissions. Computers generating legitimate traffic respond accordingly; malicious computers don’t, and their traffic is then filtered out.

Some industry insiders worry that such close attention to each incoming packet could slow a network down. “I don’t want another box inline to pass my packets through,” says analyst Michael Rasmussen of Giga Information Group. But Zeus Kerravala of the Yankee Group believes the Captus device is fast enough to keep up with server traffic for “at least a year and a half to two years,” and that “the technology will improve in that time.” NASA’s Ames Research Center and Exodus Communications of Santa Clara, CA, are currently evaluating the device.

With four new options to choose from, the Web’s most popular sites should, for the time being, be able to shield themselves from vindictive 13-year-olds.
